none
Script to retrieve the session id and corresponding user RRS feed

  • Question

  • I run the following line of code

    Get-WmiObject-Query"Associators of {Win32_LogonSession.LogonId=$(156733)} Where AssocClass=Win32_LoggedOnUser Role=Dependent"-ComputerName xxxxxxx| Select-Object Domain,Name,SID,StartTime,LogonID,LogonType,LogonTypeName,ComputerName

    I noticed that for some of the network type (3) the program fails..... How the system pulls the data to fill out the class and how long the sessions are stored? It seems these sessions are not active.... but I can not tell, the status field return is blank for all the sessions that were retrieved from the machine.

     


    michael john ocasio


    • Edited by mjocasio23 Thursday, July 23, 2015 1:33 PM
    Thursday, July 23, 2015 11:39 AM

Answers

  • Try it the PowerShell way:

    $sessionid=281377
    gwmi Win32_LogonSession -Filter "LogonId=$sessionid"|%{$_.GetRelated('Win32_UserAccount')}|select caption

    Or
    gwmi Win32_LogonSession |%{$_.GetRelated('Win32_UserAccount')}|select caption


    \_(ツ)_/

    • Marked as answer by mjocasio23 Thursday, July 23, 2015 3:06 PM
    Thursday, July 23, 2015 2:44 PM
  • This for all

    gwmi Win32_LogonSession -computer ps01 |
        %{
            [pscustomobject]@{
                UserName=$_.GetRelated('Win32_UserAccount').Caption
                LogonType=$_.LogonType
            }
        }
    


    \_(ツ)_/

    • Marked as answer by mjocasio23 Thursday, July 23, 2015 3:06 PM
    Thursday, July 23, 2015 2:52 PM
  • Works fine except that system accounts (0 and 5) do not have names or captions.

    Like this:

     UserName      LogonType
    --------      ---------
                          0
                          5
                          5
    Omega\jsmith         2
    Omega\jsmith         4
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         2
    Omega\jsmith         3


    \_(ツ)_/

    • Marked as answer by mjocasio23 Monday, July 27, 2015 2:41 PM
    Thursday, July 23, 2015 6:46 PM
  • You cannot do that remotely for a domain user.

    You can use user id to get sid from the DC.


    \_(ツ)_/

    • Marked as answer by mjocasio23 Tuesday, July 28, 2015 1:10 PM
    Tuesday, July 28, 2015 12:56 PM

All replies

  • Try it the PowerShell way:

    $sessionid=281377
    gwmi Win32_LogonSession -Filter "LogonId=$sessionid"|%{$_.GetRelated('Win32_UserAccount')}|select caption

    Or
    gwmi Win32_LogonSession |%{$_.GetRelated('Win32_UserAccount')}|select caption


    \_(ツ)_/

    • Marked as answer by mjocasio23 Thursday, July 23, 2015 3:06 PM
    Thursday, July 23, 2015 2:44 PM
  • This for all

    gwmi Win32_LogonSession -computer ps01 |
        %{
            [pscustomobject]@{
                UserName=$_.GetRelated('Win32_UserAccount').Caption
                LogonType=$_.LogonType
            }
        }
    


    \_(ツ)_/

    • Marked as answer by mjocasio23 Thursday, July 23, 2015 3:06 PM
    Thursday, July 23, 2015 2:52 PM
  • It seems when I ran this statement remotely I get not value for the Caption field....

    michael john ocasio

    Thursday, July 23, 2015 6:12 PM
  • Works fine except that system accounts (0 and 5) do not have names or captions.

    Like this:

     UserName      LogonType
    --------      ---------
                          0
                          5
                          5
    Omega\jsmith         2
    Omega\jsmith         4
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         3
    Omega\jsmith         2
    Omega\jsmith         3


    \_(ツ)_/

    • Marked as answer by mjocasio23 Monday, July 27, 2015 2:41 PM
    Thursday, July 23, 2015 6:46 PM
  • We can also do this:

    gwmi Win32_LogonSession -computer omega|
        %{$_.GetRelated('Win32_UserAccount')}|
        select name,caption,sid


    \_(ツ)_/

    Thursday, July 23, 2015 6:50 PM
  • Sorry to bother..... but I can not retrieve the SID value when I login in a computer that is not the one I am assign too..... I just get a blank record. when I use the loginId from my workstation I do see a SID value and also the computer name too, If I log in in a different computer I get a blank record. This is also using the above statement.... thanks


    michael john ocasio

    Tuesday, July 28, 2015 11:14 AM
  • No idea what you are trying to ask. What is it that you are trying to get.

    Your current login ID has a different session on every login. 


    \_(ツ)_/

    Tuesday, July 28, 2015 11:25 AM
  • I am trying to get the sid and other info from the session id which remotely I am connecting too

    Machine A runs a script to remote to machine B which I am login. It retrieves logonId but there is no relataed record in win32_userAccount.

    Example.... this is my machine A, I ran the script

    gwmi Win32_LogonSession -computer A |
        %{$_.GetRelated('Win32_UserAccount')}|
        select name,caption,sid

    I do get a hit.....

    if I ran it in machine B I do not.... I am login in both machine.....


    michael john ocasio

    Tuesday, July 28, 2015 12:07 PM
  • Are you saying you want your current userid?  That ID is in the environment variable $env:USERNAME.  YOu can use that to get the SID.

    You do not need to use WMI or session id.


    \_(ツ)_/

    Tuesday, July 28, 2015 12:12 PM
  • Try this:

    gwmi win32_useraccount -filter "Name='$env:USERNAME'"|select caption,sid


    \_(ツ)_/

    Tuesday, July 28, 2015 12:14 PM
  • To be more precise you can add the domain;

    gwmi win32_useraccount -filter "Name='$env:USERNAME' and Domain='$env:USERDOMAIN'"|select caption,sid


    \_(ツ)_/

    Tuesday, July 28, 2015 12:16 PM
  • I trying to get the session id and sid of current user who login!!!

    michael john ocasio

    Tuesday, July 28, 2015 12:38 PM
  • You cannot do that remotely for a domain user.

    You can use user id to get sid from the DC.


    \_(ツ)_/

    • Marked as answer by mjocasio23 Tuesday, July 28, 2015 1:10 PM
    Tuesday, July 28, 2015 12:56 PM